Return-Path: 
 <commits-return-32329-apmail-cordova-commits-archive=cordova.apache.org@cordova.apache.org>
X-Original-To: apmail-cordova-commits-archive@www.apache.org
Delivered-To: apmail-cordova-commits-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 26D4F17CA5
	for <apmail-cordova-commits-archive@www.apache.org>;
 Wed,  4 Mar 2015 17:25:28 +0000 (UTC)
Received: (qmail 52844 invoked by uid 500); 4 Mar 2015 17:25:28 -0000
Delivered-To: apmail-cordova-commits-archive@cordova.apache.org
Received: (qmail 52796 invoked by uid 500); 4 Mar 2015 17:25:28 -0000
Mailing-List: contact commits-help@cordova.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@cordova.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@cordova.apache.org>
List-Post: <mailto:commits@cordova.apache.org>
List-Id: <commits.cordova.apache.org>
Delivered-To: mailing list commits@cordova.apache.org
Received: (qmail 52784 invoked by uid 99); 4 Mar 2015 17:25:28 -0000
Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org)
 (140.211.11.23)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 04 Mar 2015 17:25:28 +0000
Received: by git1-us-west.apache.org (ASF Mail Server at
 git1-us-west.apache.org, from userid 33)
	id DC6FCE05DF; Wed,  4 Mar 2015 17:25:27 +0000 (UTC)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: mmocny@apache.org
To: commits@cordova.apache.org
Message-Id: <6c3106460dcd41a7bb6d8b42dc6f4b20@git.apache.org>
X-Mailer: ASF-Git Admin Mailer
Subject: cordova-plugins git commit: Update whitelist plugin readme
Date: Wed,  4 Mar 2015 17:25:27 +0000 (UTC)

Repository: cordova-plugins
Updated Branches:
  refs/heads/master e960919bc -> 03de74861


Update whitelist plugin readme


Project: http://git-wip-us.apache.org/repos/asf/cordova-plugins/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-plugins/commit/03de7486
Tree: http://git-wip-us.apache.org/repos/asf/cordova-plugins/tree/03de7486
Diff: http://git-wip-us.apache.org/repos/asf/cordova-plugins/diff/03de7486

Branch: refs/heads/master
Commit: 03de74861052bafb59634674a7c88e29ad532ed6
Parents: e960919
Author: Michal Mocny <mmocny@gmail.com>
Authored: Wed Mar 4 12:25:19 2015 -0500
Committer: Michal Mocny <mmocny@gmail.com>
Committed: Wed Mar 4 12:25:19 2015 -0500

----------------------------------------------------------------------
 url-policy/README.md | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cordova-plugins/blob/03de7486/url-policy/README.md
----------------------------------------------------------------------
diff --git a/url-policy/README.md b/url-policy/README.md
index 5856a15..2a2759b 100644
--- a/url-policy/README.md
+++ b/url-policy/README.md
@@ -63,11 +63,9 @@ In `config.xml`, add `<allow-intent>` tags, like this:
     <allow-intent href="*" />
 
 ## Network Request Whitelist
-Controls which network requests (images, XHRs, etc) are allowed to be made.
+Controls which network requests (images, XHRs, etc) are allowed to be made (via cordova native hooks).
 
-Note: Please use a Content Security Policy (see below) instead (or also), since it is more secure.  This whitelist is mostly historical for webviews which do not support CSP.
-
-By default, only requests to `file://` URLs are allowed.
+Note: We suggest you use a Content Security Policy (see below), which is more secure.  This whitelist is mostly historical for webviews which do not support CSP.
 
 In `config.xml`, add `<access>` tags, like this:
 
@@ -87,13 +85,14 @@ In `config.xml`, add `<access>` tags, like this:
     <!-- Don't block any requests -->
     <access origin="*" />
 
+Without any `<access>` tags, only requests to `file://` URLs are allowed. However, the default cordova application should include `<access origin="*">` by default.
+
 ### Content Security Policy
-On Android and iOS, the network whitelist is not able to filter all types of requests (e.g.
-`<video>` & WebSockets are not blocked). So, in addition to the whitelist,
-you should use a [Content Security Policy](http://content-security-policy.com/) `<meta>` tag
-on all of your pages.
+Controls which network requests (images, XHRs, etc) are allowed to be made (via webview directly).
+
+On Android and iOS, the network request whitelist (see above) is not able to filter all types of requests (e.g. `<video>` & WebSockets are not blocked). So, in addition to the whitelist, you should use a [Content Security Policy](http://content-security-policy.com/) `<meta>` tag on all of your pages.
 
-On Android, support for CSP within the system webview starts with KitKat.
+On Android, support for CSP within the system webview starts with KitKat (but is available on all versions using Crosswalk WebView).
 
 Here are some example CSP declarations for your `.html` pages:
 


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cordova.apache.org
For additional commands, e-mail: commits-help@cordova.apache.org